-
Type: Sub-task
-
Resolution: Fixed
-
Priority: Unknown
-
Affects Version/s: None
-
Component/s: None
Acceptance Criteria
- add azure/identity as an optional peer dependency to mongodb-client-encryption
- refactor the existing credential providers into separate modules, with a single index.js exporting them together
- create a new provider for azure
- add a kms refresh function that lazily imports the azure module and fetches the credentials
- add support for caching of the azure kms token
- add Typescript support in libmongocrypt
Testing
- lazily importing of kms providers
- we don't import the azure module unless requested
- caching of credentials
- we refresh the token when the token expires < 60s from the current time
- we do not refresh the token when the token expires > 60s from the current time and return the cached token
- if there is no cached token, we refresh the token